notarizing DMG fails

panagiotis merakos merakosp at gmail.com
Tue May 4 12:19:29 EDT 2021 

Hello Tiemo,

When did you create these certificates? And what is your MacOS version, and
the Xcode version returned if you type "xcode-select -p" in a Terminal? I
am wondering if you need to install the new Apple Worldwide Developer
Relations Intermediate Certificate:

https://developer.apple.com/support/wwdr-intermediate-certificate/

You can find it here:

https://developer.apple.com/support/expiration/

Kind regards,
Panos
--

On Tue, 4 May 2021 at 19:02, Tiemo via use-livecode <
use-livecode at lists.runrev.com> wrote:

> Hi Matthias,
>
> still struggeling ...
>
> I have two developer certificates in my keychain:
> Developer ID Installer : <my ID>
> Developer ID Application: <my ID>
>
> Using the Application certificate on the app and pkg and dmg, all
> codesigning is fine, even when verifying it, but I get the "The binary is
> not signed" error in the notarization log, when notarizing the dmg ???
> Using the Installer certificate on the pkg, I get already the error when
> codesigning the pkg "this identity cannot be used for signing code" ???
>
> All errors are the same, either using the tool "Packages" or creating the
> package on command line by pkgbuild
> (productbuild is only for builing appStore apps, as far as I see it)
>
> I must be missing something obvious
>
> Any other ideas?
> Tiemo
>
>
> -----Ursprüngliche Nachricht-----
> Von: use-livecode <use-livecode-bounces at lists.runrev.com> Im Auftrag von
> matthias rebbe via use-livecode
> Gesendet: Dienstag, 4. Mai 2021 13:49
> An: How to use LiveCode <use-livecode at lists.runrev.com>
> Cc: matthias_livecode_150811 at m-r-d.de
> Betreff: Re: notarizing DMG fails
>
> Tiemo,
>
> you can create 2 different installer certificates in you Apple developer
> account.
> One is called 'Mac Installer Distribution' and is used for code signing
> installers for the Mac App Store.
> The other one is called 'Developer ID Installer' and is used to code sign
> your  Installer Package for distribution outside of the Mac App Store
>
> Which one did you use for signing the packager?
>
> And another question, how did you build the package? Did you use a 3rd
> party tool or did you use 'productbuild' in Terminal?
> If you used a 3rd party tool, then could you please try to create the
> package installer using terminal command?
>
> productbuild --sign <Developer ID Installer signing identity> --component
> <path_to_your_App> /Applications <path_of_the_packager>
>
> example
> productbuild --sign "Developer ID Installer: Matthias Rebbe
> (xxxxxxxxxxxxx)" --component "/users/matthias/LC/builts/test/test.app"
> /Applications "/users/matthias/downloads/MyPackager.pkg"
>
>
> But maybe it was just the wrong installer certificate
>
> Regards
> Matthias
>
>
> -
> Matthias Rebbe
> Life Is Too Short For Boring Code
>
> > Am 04.05.2021 um 12:08 schrieb Tiemo via use-livecode <
> use-livecode at lists.runrev.com>:
> >
> > Hi Matthias,
> >
> > thank you for your ideas. I tried both.
> >
> > When using just signed, but not notarized apps, packing, signing the
> > pkg, wrapping into dmg, signing the dmg, I get the same error when
> > notarizing the dmg "The binary is not signed"
> >
> > When trying to notarize the signed pkg via terminal I get the error:
> > "unable to  notarize app"
> > "Upload succeeded but did not receive a RequestedUUID. Unable to
> > upload your app for notarization (-1018)"
> >
> > I also tried to use the "Installer" certificate instead of the
> "Application"
> > certificate, but trying this with codesigning the package, I get the
> > error "this identitiy cannot be used"
> > (actually I don't know for what purposes you can use the Installer
> > certificate)
> >
> >
> > Codesigning and notarizing the apps works fine ...
> >
> > Perhaps I'll look for another packager and go testing with another
> packager.
> >
> > Any other ideas?
> > Tiemo
> >
> >
> > -----Ursprüngliche Nachricht-----
> > Von: use-livecode <use-livecode-bounces at lists.runrev.com> Im Auftrag
> > von matthias rebbe via use-livecode
> > Gesendet: Dienstag, 4. Mai 2021 10:34
> > An: How to use LiveCode <use-livecode at lists.runrev.com>
> > Cc: matthias_livecode_150811 at m-r-d.de
> > Betreff: Re: notarizing DMG fails
> >
> > Hi Tiemo,
> >
> > but you did not create a .pkg from the a notarized app, did you?
> >
> > You have to create and code sign a .pkg from the code signed, but not
> > notarized, .app  and then you have to notarize only the .pkg or the
> > code signed .dmg, if you want to distribute as .dmg.
> > So the steps are
> >
> > 1. code sign your .app - do not notarize it!
> > 2. create a .pkg from the .app and code sign it 3. if you want to
> > distribute as dmg, create .dmg with the .pkg and code sign the .dmg 4.
> > notarize the .pkg (or the .dmg)
> >
> > The staple process then writes the needed information to the .dmg, to
> > the containing .pkg and the .app.
> >
> > If these are the steps you've done already, then could you please try
> > the following using the helper stack
> >
> > 1. code sign .app
> > 2. notarize the .app using the '.zip method'
> >
> > Is this successful? Then the problem does not rely on your .app.
> > In this case please repeat and code sign the .app using the helper
> > stack and use the .dmg method
> >
> > Is this successful? If so, then also the .dmg is fine
> >
> > Repeat now manually, as .pkg is not supported by the helper stack.
> >
> > 1. code sign .app
> > 2. create .pkg
> > 3. code sign .pkg
> > 4. notarize .pkg
> >
> > Is this successful?
> >
> > Regards,
> >
> > Matthias
> >
> >
> >
> >
> >
> >
> > -
> > Matthias Rebbe
> > Life Is Too Short For Boring Code
> >
> >> Am 04.05.2021 um 09:47 schrieb Tiemo via use-livecode
> > <use-livecode at lists.runrev.com>:
> >>
> >> Hello,
> >>
> >>
> >>
> >> I have signed and notarized several apps with Matthias tool -
> >> successful
> >>
> >> Then I packaged theses apps with Packages and signed the package via
> >> terminal - successful
> >>
> >> Then I  put the pkg into a dmg via DMG canvas and signed the dmg via
> >> terminal - successful
> >>
> >> Then I uploaded the dmg for notarization via terminal. The upload was
> >> successful, but the email from apple told me, that the upload was not
> >> notarized and the logfile tells me:
> >>
> >>
> >>
> >> Severity: Error
> >>
> >> Path: "DGSlern_Update_1.0.0.4.dmg/DGS Lernprogramm 1.0.0.4 Update .pkg"
> >>
> >> Message: The binary is not signed
> >>
> >>
> >>
> >> This is a bit irritating. Has anybody anytime encountered such
> >> conflicting messages?
> >>
> >> Any idea, where to look for?
> >>
> >> Thanks
> >>
> >> Tiemo
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> _______________________________________________
> >> use-livecode mailing list
> >> use-livecode at lists.runrev.com
> >> Please visit this url to subscribe, unsubscribe and manage your
> > subscription preferences:
> >> http://lists.runrev.com/mailman/listinfo/use-livecode
> >
> >
> > _______________________________________________
> > use-livecode mailing list
> > use-livecode at lists.runrev.com
> > Please visit this url to subscribe, unsubscribe and manage your
> > subscription
> > preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
> >
> >
> > _______________________________________________
> > use-livecode mailing list
> > use-livecode at lists.runrev.com
> > Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> > http://lists.runrev.com/mailman/listinfo/use-livecode
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>
>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>

More information about the use-livecode mailing list